Описание
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2017.20170613.44572-8ubuntu0.2 |
| devel | not-affected | 2022.20220321.62855-5.1 |
| esm-infra/bionic | not-affected | 2017.20170613.44572-8ubuntu0.2 |
| esm-infra/focal | not-affected | 2019.20190605.51237-3ubuntu0.1 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 2019.20190605.51237-3ubuntu0.1 |
| jammy | released | 2021.20210626.59705-1ubuntu0.1 |
| kinetic | released | 2022.20220321.62855-4ubuntu0.1 |
| lunar | released | 2022.20220321.62855-5ubuntu0.1 |
| trusty | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
7.8 High
CVSS3
Связанные уязвимости
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when ...
EPSS
7.8 High
CVSS3